setup-clojure Support for GHES

There's some complications with the use of the the action in GHES. The first of which is the use of the default token. The GHES token certainly doesn't work for public GitHub, which incidentally blocks us from getting lein installed. Being able to pass in an empty string would be helpful, but with an empty string, the "Bearer " still gets set as the auth, rather than being undefined. A lot of this gets fixed once we get an upstream github token, but that isn't always straightforward.

Nov 06 '24 20:11 isaacsanders

What is GHES?

I think it would be safer to add an explicit option to not add an “Authorization” header instead of a blank line. Something like

      - name: Install clojure tools
        uses: DeLaGuardo/[email protected]
        with:
          no_auth: true
          lein: 2.9.1

What do you think?

Nov 07 '24 09:11 DeLaGuardo

GitHub Enterprise Server

Nov 07 '24 14:11 isaacsanders

I think that could work well

Nov 07 '24 14:11 isaacsanders

@isaacsanders could you try to run from the branch?

        uses: DeLaGuardo/setup-clojure@ac5052cad8ffe5039f26968da4b4a0ca88d00971
        with:
          no-auth: 'true'

Nov 08 '24 11:11 DeLaGuardo

@DeLaGuardo This worked for me

Dec 04 '24 21:12 isaacsanders

This worked for me too for running locally using nektos/act. ~However on Github I get errors about exceeding non-authorized quotas. Also when trying with no-auth: 'false'. Removing no-auth completely makes it work again.~

UPDATE: I was a bad tester. I think it actually works setting it to 'false'.

Dec 09 '24 21:12 PEZ

These are unauthorized requests, and you will run into quotas if you don't cache the results.

Dec 09 '24 21:12 isaacsanders

These are unauthorized requests, and you will run into quotas if you don't cache the results.

You mean it isn't related to using the no-auth directive?

Dec 09 '24 21:12 PEZ

I'm saying it is a direct consequence and known aspect of using the no-auth parameter.

Dec 09 '24 23:12 isaacsanders

on github you are using an IP address within the runner that is likely used by a great number of other people, so the rate will be limited. Locally, on your machine, you are less likely to have used all of the requests according to the rate limit. I used GHES, the enterprise offering, so the autogenerated token from GHA isn't valid for the authentication if generated from GHES, since it is a token for that server, not public github.

Dec 09 '24 23:12 isaacsanders

My point was that I expected that when I set no-auth to false, I would get the “normal” authenticated behaviour that I get when I omit the directive.

And, important: I tested it in a bad way. It actually seems that my assumption may have been correct. Sorry about the noise!

Dec 10 '24 09:12 PEZ

I just published a new version with no auth header in HTTP calls when explicit empty github-token is provided.

To test it in your environment please use following snippet:

      - name: Install all the tools
        uses: DeLaGuardo/[email protected]
        with:
          cli: latest
          lein: latest
          boot: latest
          bb: latest
          clj-kondo: latest
          cljstyle: latest
          zprint: latest

          # Explicit empty string should trigger "no auth" workflow
          # this will not set Authorisation header for any GitHub API http calls
          github-token: ''

Dec 10 '24 11:12 DeLaGuardo

This works great, thank you @DeLaGuardo!

Dec 11 '24 21:12 isaacsanders

    uses: DeLaGuardo/setup-clojure@ac5052cad8ffe5039f26968da4b4a0ca88d00971
    with:
      no-auth: 'true'

Jan 07 '25 16:01 tikto29

@tikto29 you can now use released version of the action with github-token: '' to not use Authorization header for GH API http calls. Example in this comment - https://github.com/DeLaGuardo/setup-clojure/issues/110#issuecomment-2531318613

Jan 07 '25 16:01 DeLaGuardo